5327 matches found

Cvelist
added 2003/06/11 4:0 a.m., 15 views

CVE-2003-0411

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...

7.6 AI score, 0.07111 EPSS
Exploits: 1, References: 7

Tenable Nessus
added 2003/06/11 12:0 a.m., 112 views

BEA WebLogic FileServlet Source Code Disclosure

The version of the WebLogic web application installed on the remote host contains a flaw such that by inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed. %NASLMINLEVEL 70300 This script was written by John [email protected] Modifications by Tenable Network...

5 CVSS, 5.6 AI score, 0.00599 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2003/06/03 12:0 a.m., 165 views

JBoss %00 Request JSP Source Disclosure

It is possible to make the remote web server disclose the source code of its JSP pages by appending a NULL character to the name of the JSP files requested eg, 'foo.jsp%00'. An attacker may use this flaw to get the source code of scripts on the remote host and possibly obtain passwords and other...

5.7 AI score
Exploits: 0, References: 1

Packet Storm
added 2003/06/03 12:0 a.m., 97 views

JBoss.txt

Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with a suffixed "%00" shows the source code of this JSP. Seems to be a forgotten debug feature :- http://192.168.0.4:8080/web-console/ServerInfo.jsp%00 Sincerely Marc Schoenefeld...

7.4 AI score
Exploits: 0

securityvulns
added 2003/06/02 12:0 a.m., 21 views

JBOSS 3.2.1: JSP source code disclosure

Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with a suffixed "00" shows the source code of this JSP. Seems to be a forgotten debug feature :-...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2003/05/28 12:0 a.m., 146 views

Sun ONE Application Server Upper Case Request JSP Source Disclosure

It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a different case ie: filename.JSP instead of filename.jsp. An attacker may use this flaw to get the source code of your CGIs and possibly obtain passwords and other relevant...

7.5 CVSS, 5.6 AI score, 0.07111 EPSS
Exploits: 1, References: 1

Packet Storm
added 2003/05/28 12:0 a.m., 34 views

sunone.txt

Multiple Vulnerabilities in Sun-One Application Server. Release Date: May 27, 2003. System Affected: Sun-ONE Application Server 7.0 for Windows 2000/XP. Description: During a brief audit of a SunONE Application Server installation on Windows 2000...

7.4 AI score
Exploits: 0

securityvulns
added 2003/05/28 12:0 a.m., 25 views

Multiple Vulnerabilities in Sun-One Application Server

Multiple Vulnerabilities in Sun-One Application Server. Release Date: May 27, 2003. System Affected: Sun-ONE Application Server 7.0 for Windows 2000/XP. Description: During a brief audit of a SunONE Application Server installation on Windows 2000...

6.9 AI score
Exploits: 0

Exploit DB
added 2003/05/27 12:0 a.m., 31 views

Sun ONE Application Server 7.0 - Source Disclosure

source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead ser...

7.4 AI score
Exploits: 0

exploitpack
added 2003/05/27 12:0 a.m., 9 views

Sun ONE Application Server 7.0 - Source Disclosure

Sun ONE Application Server 7.0 - Source Disclosure source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the serv...

7.4 AI score
Exploits: 0

securityvulns
added 2003/05/26 12:0 a.m., 63 views

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

0.7 AI score
Exploits: 0

securityvulns
added 2003/05/22 12:0 a.m., 31 views

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

0.7 AI score
Exploits: 0

Tenable Nessus
added 2003/05/08 12:0 a.m., 167 views

BEA WebLogic SSIServlet Invocation Source Code Disclosure

BEA WebLogic may be tricked into revealing the source code of JSP scripts by prefixing the path to the .jsp files by /.shtml/ %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script is based on BEAweblogicRevealsourcecode.nasl Script audit and contributions from Carmichael Security Erik...

5 CVSS, 5.5 AI score, 0.00599 EPSS
Exploits: 0, References: 3

0day.today
added 2003/04/25 12:0 a.m., 20 views

MS Windows SMB Authentication Remote Exploit

Exploit for unknown platform in category remote exploits. MS Windows SMB Authentication Remote Exploit. Exploit for "Authentication flaw in Windows SMB protocol". Release Date: April 24, 2003. Code by Haamed...

7.1 AI score
Exploits: 0

RedHat Linux
added 2003/04/09 8:14 p.m., 5 views

Important: Red Hat Security Advisory: tomcat security update for Stronghold

Updated tomcat packages are now available for Stronghold 4.0 to close a second JSP source code exposure vulnerability. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. A source code exposure vulnerability...

7.5 CVSS, 5.9 AI score, 0.05353 EPSS
Exploits: 0, References: 1

securityvulns
added 2003/04/05 12:0 a.m., 29 views

Phorum 3.4 Cross Site Scripting

Description: It is possible to insert javascript code in a message and execute it. 1. go to a phorum 2. click on new topic 3. enter any name 4. enter any email 5. enter a title in the way like this "scriptalert "Vulnerable";/script 6. enter any text 7. click the preview button 8. click the send...

1.5 AI score
Exploits: 0

CVE
added 2003/04/02 5:0 a.m., 42 views

CVE-2002-0737

CVE-2002-0737 affects the Sambar Web Server prior to 5.2 beta 1. An attacker can remotely obtain source code of server-side scripts or trigger a denial of service by exploiting a flaw in URL parsing when a URL ends with a space followed by a null byte. This occurs because the server misinterprets...

6.4 CVSS, 6.9 AI score, 0.10635 EPSS
Exploits: 1, References: 6, Affected Software: 1

CVE
added 2003/04/02 5:0 a.m., 56 views

CVE-2002-0300

CVE-2002-0300 affects gnujsp 1.0.0 and 1.0.1. The vulnerability allows remote attackers to list directories, read the source code of certain scripts, and bypass access restrictions by directly requesting a target file from the gnujsp servlet; the issue stems from a limitation of JServ and the ser...

5 CVSS, 6.8 AI score, 0.05112 EPSS
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2003/04/02 5:0 a.m., 20 views

CVE-2002-0737

Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service resource exhaustion via DOS devices, using a URL that ends with a space and a null character...

6.9 AI score, 0.10635 EPSS
Exploits: 1, References: 6

Cvelist
added 2003/04/02 5:0 a.m., 23 views

CVE-2002-1025

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed...

6.8 AI score, 0.01771 EPSS
Exploits: 1, References: 6